2 * Written by Devrim SERAL (devrim@tef.gazi.edu.tr)
8 #if defined(DB_MYSQL) && defined(DB)
/*
 * Statement templates, filled in with sprintf() by mysql_db_verify() and
 * mysql_db_acct().
 *
 * String values are wrapped in double quotes and substituted as-is; nothing
 * visible in this listing escapes them, so a value that contains a quote or
 * a backslash changes the structure of the statement (SQL injection).
 * In ACCTSQL the elapsed_time, bytes_in and bytes_out slots are not quoted
 * at all, so they are only safe when the text is guaranteed to be numeric.
 * The table and column names are substituted unquoted as identifiers.
 *
 * NOTE(review): escape every substituted value (mysql_real_escape_string())
 * or validate it against an allow-list before formatting; confirm whether
 * the callers already do so.
 */
22 #define AUTHSQL "SELECT %s FROM %s WHERE %s=\"%s\""
23 #define ACCTSQL "INSERT INTO %s (usern,s_name,c_name,elapsed_time,bytes_in,bytes_out,fin_t) VALUES (\"%s\",\"%s\",\"%s\",%s,%s,%s,NOW())"
/* Result handle used by mysql_db_verify(); file-scope, so it is shared across calls. */
26 static MYSQL_RES *res;
30 int mysql_db_verify TAC_ARGS((const char *user, const char *users_passwd, const char *db_user, const char *db_password, const char *db_hostname, const char *db_name, const char *db_table, const char *dbfield_name, const char *dbfield_passwd));
/*
 * mysql_db_verify: check a login against a password value stored in MySQL.
 *
 * Visible flow: connect to db_hostname as db_user, select db_name, format
 * AUTHSQL into a SELECT of dbfield_passwd from db_table where dbfield_name
 * equals user, run it, copy column 0 of the first row and hand it together
 * with users_passwd to des_verify().
 * Per the comment on the final return: 1 if verified, 0 otherwise.
 *
 * This listing skips source lines (local declarations, braces and the
 * error-path returns are not shown), so cleanup on the failure paths cannot
 * be reviewed from here.
 *
 * Security notes for reviewers:
 *  - user is substituted into a double-quoted SQL literal with no escaping
 *    visible in this function (see the sprintf() call).
 *  - With debugging enabled, the submitted password and the stored value are
 *    both written to the log (see the report() call before des_verify()).
 *  - row[0] is passed to strlen() without a NULL check.
 */
32 int mysql_db_verify(user, users_passwd, db_user, db_password,
33 db_hostname, db_name, db_table, dbfield_name, dbfield_passwd)
34 const char *user; /* username ... */
35 const char *users_passwd; /* ... and given password */
36 const char *db_user; /* db's parameters */
37 const char *db_password;
38 const char *db_hostname;
41 const char *dbfield_name;
42 const char *dbfield_passwd;
48 if (debug & DEBUG_AUTHEN_FLAG)
49 report(LOG_DEBUG, "MySQL: verify %s", user);
51 /* Connect database server */
53 if ( !( mysql_connect(&mysqldb,db_hostname,db_user,db_password) ) ) {
54 if (debug & DEBUG_AUTHEN_FLAG)
55 report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user);
59 /* Select tacacs db */
61 if ( mysql_select_db(&mysqldb,db_name) ) {
62 if (debug & DEBUG_AUTHEN_FLAG)
63 report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name);
67 /* Check select string length */
/*
 * sql_len is the template length plus the four argument lengths. AUTHSQL
 * holds four "%s" specifiers (8 bytes) that the arguments replace, so the
 * formatted text plus its NUL fits in sql_len bytes. That margin comes only
 * from the specifiers: it disappears if values are ever escaped (escaping
 * can double a value's length) unless sql_len is computed from the escaped
 * lengths.
 */
69 sql_len = strlen(dbfield_passwd)+strlen(dbfield_name)+strlen(db_table)+strlen(user)+strlen(AUTHSQL);
/* SQLCMDL caps the statement size; the buffer itself is sized from sql_len. */
71 if ( sql_len> SQLCMDL ) {
72 if (debug & DEBUG_AUTHEN_FLAG)
73 report(LOG_DEBUG, "MySQL: Sql cmd exceed alowed limits");
77 /* Prepare select string */
79 mysqlcmd = (char *) tac_malloc(sql_len);
/*
 * NOTE(review): user goes into the quoted literal unescaped; presumably it
 * is the name supplied by the authenticating client -- confirm. Escape it
 * (mysql_real_escape_string()) or reject names outside an allowed character
 * set before building the statement. db_table, dbfield_name and
 * dbfield_passwd are inserted as bare identifiers; presumably they come
 * from trusted configuration -- verify against the caller.
 */
81 sprintf(mysqlcmd,AUTHSQL,dbfield_passwd,db_table,dbfield_name,user);
85 if (mysql_query(&mysqldb,mysqlcmd)) {
86 if (debug & DEBUG_AUTHEN_FLAG)
87 report(LOG_DEBUG, "MySQL: cannot query database ");
94 if (!(res = mysql_store_result(&mysqldb))) {
95 if (debug & DEBUG_AUTHEN_FLAG)
96 report(LOG_DEBUG, "MySQL: cannot store result");
/* No row means no entry matched the WHERE clause. */
100 if (!(row = mysql_fetch_row(res))) {
101 if (debug & DEBUG_AUTHEN_FLAG)
102 report(LOG_DEBUG, "MySQL: cannot fetch row");
/*
 * strlen() returns an unsigned size, so "<= 0" is an empty-string test.
 * NOTE(review): the MySQL C API represents an SQL NULL column as a NULL
 * pointer in the row, which strlen() would dereference; the log text says
 * "NULL" but only the empty string is caught here. Test row[0] for NULL
 * first.
 */
106 if (strlen(row[0]) <=0 ) {
107 if (debug & DEBUG_AUTHEN_FLAG)
108 report(LOG_DEBUG, "MySQL: DB passwd entry is NULL");
112 /* Allocate memory for real_passwd */
/* Private copy of the stored value; no matching free is visible in this listing. */
113 real_passwd=(char *) tac_malloc(strlen(row[0])+1);
114 strcpy(real_passwd,row[0]);
/*
 * Intended to detect more than one matching row.
 * NOTE(review): the MySQL documentation describes mysql_eof() as meaningful
 * for mysql_use_result() result sets; after mysql_store_result() it may not
 * report extra rows -- confirm. A second mysql_fetch_row() returning
 * non-NULL would test for duplicate user entries directly.
 */
116 if (!mysql_eof(res)) {
117 if (debug & DEBUG_AUTHEN_FLAG)
118 report(LOG_DEBUG, "MySQL: Result not end!!");
122 mysql_free_result(res);
123 mysql_close(&mysqldb);
/*
 * NOTE(review): when DEBUG_AUTHEN_FLAG is set this writes the password the
 * user typed, in clear text, and the stored value to the log. Anyone who can
 * read the log can collect credentials; log the user name and the outcome
 * only.
 */
125 if (debug & DEBUG_AUTHEN_FLAG)
126 report(LOG_DEBUG, "MySQL: verify password '%s' to DES encrypted string '%s'", users_passwd, real_passwd);
128 /* Try to verify the password */
/* The body of the failure branch is not shown in this listing. */
129 if (!des_verify(users_passwd, real_passwd)) {
135 return (1); /* Return 1 if verified, 0 otherwise. */
139 int mysql_db_acct TAC_ARGS((const char *db_user, const char *db_password, const char *db_hostname, const char *db_name, const char *db_table, const char *s_name, const char *c_name, const char *a_username, const char *elapsed_time, const char *bytes_in, const char *bytes_out));
/*
 * mysql_db_acct: write one accounting record to MySQL.
 *
 * Visible flow: connect to db_hostname as db_user, select db_name, format
 * ACCTSQL into an INSERT on db_table carrying a_username, s_name, c_name,
 * elapsed_time, bytes_in and bytes_out (fin_t is set to NOW() by the
 * server), run it and check mysql_affected_rows().
 * The final return yields 1; its trailing comment says 0 otherwise.
 *
 * This listing skips source lines (the return type line, local
 * declarations, braces and the error-path returns are not shown), so
 * cleanup of mysqlcmd and of the connection cannot be reviewed from here.
 *
 * Security notes for reviewers:
 *  - a_username, s_name and c_name are substituted into double-quoted SQL
 *    literals with no escaping visible in this function.
 *  - elapsed_time, bytes_in and bytes_out are substituted unquoted, so any
 *    non-numeric text in them becomes part of the statement.
 */
142 mysql_db_acct(db_user,db_password,db_hostname,db_name,db_table,s_name,c_name,a_username,elapsed_time,bytes_in,bytes_out)
143 const char *db_user; /* db's parameters */
144 const char *db_password;
145 const char *db_hostname;
147 const char *db_table;
150 const char *a_username;
151 const char *elapsed_time;
152 const char *bytes_in;
153 const char *bytes_out;
158 /* Connect database server */
160 if (!(mysql_connect(&mysqldb,db_hostname,db_user,db_password))) {
161 if (debug & DEBUG_ACCT_FLAG)
162 report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user);
166 /*Select tacacs db */
168 if (mysql_select_db(&mysqldb,db_name)) {
169 if (debug & DEBUG_ACCT_FLAG)
170 report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name);
174 /* Check buffer overflow for select string */
/*
 * sql_len is the template length plus the seven argument lengths. ACCTSQL
 * holds seven "%s" specifiers (14 bytes) that the arguments replace, so the
 * formatted text plus its NUL fits in sql_len bytes. That margin comes only
 * from the specifiers: if values are ever escaped, sql_len has to be
 * computed from the escaped lengths.
 */
175 sql_len = strlen(db_table)+strlen(a_username)+strlen(s_name)+strlen(c_name)+strlen(elapsed_time)+strlen(bytes_in)+strlen(bytes_out)+strlen(ACCTSQL);
/* SQLCMDL caps the statement size; the buffer itself is sized from sql_len. */
177 if ( sql_len >SQLCMDL) {
178 if (debug & DEBUG_ACCT_FLAG)
179 report(LOG_DEBUG, "MySQL: Sql cmd exceed alowed limits");
184 /* Prepare insert statement */
185 mysqlcmd=(char *) tac_malloc(sql_len);
/*
 * NOTE(review): the three quoted values should be escaped
 * (mysql_real_escape_string()) and the three unquoted ones checked to be
 * digits only before formatting; presumably some of these fields originate
 * from the accounting request received over the network -- verify against
 * the caller.
 */
187 sprintf(mysqlcmd,ACCTSQL,db_table,a_username,s_name,c_name,elapsed_time,bytes_in,bytes_out);
191 if (mysql_query(&mysqldb,mysqlcmd)) {
192 if (debug & DEBUG_ACCT_FLAG)
193 report(LOG_DEBUG, "MySQL: cannot query database");
200 /* Check if accounting is successful */
/*
 * NOTE(review): in the MySQL C API mysql_affected_rows() returns an unsigned
 * my_ulonglong and signals an error as (my_ulonglong)-1, so "< 0" presumably
 * never fires -- confirm against the headers this builds with. Comparing
 * with (my_ulonglong)-1, or requiring exactly one affected row, would make
 * a lost accounting record visible.
 */
201 if ( mysql_affected_rows( &mysqldb ) < 0 ) {
202 if (debug & DEBUG_ACCT_FLAG)
203 report(LOG_DEBUG, "MySQL: Insert isn't sucess");
/* The trailing comment below matches the one in mysql_db_verify(); here 1 means the record was written. */
207 return (1); /* Return 1 if verified, 0 otherwise. */
210 #else /* defined(DB_MYSQL) && defined(DB) */
214 #endif /* defined(DB_MYSQL) && defined(DB) */